Page 1 of 5 123 ... LastLast
Results 1 to 10 of 45

Thread: The End of Buffer Overflows!

  1. #1
    rebmeM roineS enilnOitnA steve.milner's Avatar
    Join Date
    Jul 2003
    Posts
    1,021

    The End of Buffer Overflows!

    New Scientist 21 February 2004 P 21 "Chips to ease Microsoft's big securtity nightmare"

    It seems that intel & amd are about to release the latest version of their processors which, coupled with a new version of Windows XP, will prevent buffer overflows.

    ... chip makers Advance Micro Devices (AMD) and Intel are developing processor chips that will deal with the [buffer overflow] problem. AMD's Athlon-64 (for PCs) and Opteron (for servers) will protect against buffer overflows when used with a new version of Windows XP.
    The new chips/XP work by identifying memory as either executable code or data and prevent data from overwriting code and code jumping to execute data.

    A very good idea IMO

    Steve
    IT, e-commerce, Retail, Programme & Project Management, EPoS, Supply Chain and Logistic Services. Yorkshire. http://www.bigi.uk.com

  2. #2
    Master-Jedi-Pimps0r & Moderator thehorse13's Avatar
    Join Date
    Dec 2002
    Location
    Washington D.C. area
    Posts
    2,885
    LOL, wait until an exploit is discovered on how the processor makes logical descisions. The exploit will go something like this: By passing 400 gigs of specially crafted data to the processor, you can overwhelm it and cause an overflow condition...


    Our scars have the power to remind us that our past was real. -- Hannibal Lecter.
    Talent is God given. Be humble. Fame is man-given. Be grateful. Conceit is self-given. Be careful. -- John Wooden

  3. #3
    Senior Member
    Join Date
    Jul 2002
    Posts
    117
    Here's a thought... how about they just go back to basics and check the actual code for potential overflows?? Rather than designing in security, this just sounds like another after-the-fact patch job. Granted a rather interesting patch...

    alpha

  4. #4
    AO übergeek phishphreek's Avatar
    Join Date
    Jan 2002
    Posts
    4,325
    By passing 400 gigs of specially crafted data to the processor, you can overwhelm it and cause an overflow condition...
    Horsey,

    I don't doubt your reasons for thinking this (your a very smart dude... and it amazes me how much you know)... but tell me... where in the hell are you going to get 400gigs of info to pass to it? Most people don't have this kind of data at hand... And if you did have 400gigs, how would you to pass that kind of data over the internet, or even over a lan/wan... it'd take quite a while... and even if they did have a connection that would support that kind of dataflow... then couldn't one just throttle their bandwidth to allow the CPU to process it?

    I think I *might* have 300gigs of data... but thats on *ALL* my PCs at home.

    Now... on my work servers, its a bit different... especially when optical storage comes into play.

    So, you're thinking local exploit?

    Can you elaborate on this a bit more?
    Quitmzilla is a firefox extension that gives you stats on how long you have quit smoking, how much money you\'ve saved, how much you haven\'t smoked and recent milestones. Very helpful for people who quit smoking and used to smoke at their computers... Helps out with the urges.

  5. #5
    Master-Jedi-Pimps0r & Moderator thehorse13's Avatar
    Join Date
    Dec 2002
    Location
    Washington D.C. area
    Posts
    2,885
    LOL @ Phisshy.

    Yep, the explanation is quite simple - I was kidding.

    However, whenever you take an approach like this to solve a problem rather than fixing the true problem, I wouldn't be surprised to read something like that.
    Our scars have the power to remind us that our past was real. -- Hannibal Lecter.
    Talent is God given. Be humble. Fame is man-given. Be grateful. Conceit is self-given. Be careful. -- John Wooden

  6. #6
    AO übergeek phishphreek's Avatar
    Join Date
    Jan 2002
    Posts
    4,325
    ok... I was seriously sitting here thinking how in the hell something like that was possible...

    I should have known better... lol
    Quitmzilla is a firefox extension that gives you stats on how long you have quit smoking, how much money you\'ve saved, how much you haven\'t smoked and recent milestones. Very helpful for people who quit smoking and used to smoke at their computers... Helps out with the urges.

  7. #7
    Banned
    Join Date
    Feb 2004
    Posts
    93
    That's pretty cool. Although if it's hardware, it's more expensive, and harder to change. Besides, why should IBM clean up after MS?

    -Cheers-

  8. #8
    Senior Member
    Join Date
    Nov 2003
    Posts
    107
    I think it's sad that chip vendors have to covers M$'s butt, but hey, if it works, that's fine with me as long as M$ doesn't implement some type of security lockout (ie, you don't have one of these chips, XP won't operate).
    Is there a sum of an inifinite geometric series? Well, that all depends on what you consider a negligible amount.

  9. #9
    the latest version of their processors which, coupled with a new version of Windows XP
    I am not buying that. With the above quote tells me it is another marketing ploy for MS and chip manufacturers. While it may improve preventing buffer overflows, but I do not know with so many variables, programming languages, boredom of malicious programmers or other things, there is always going to be something that has stood the test of time. If you can build it, it can be broken.

  10. #10
    Senior Member
    Join Date
    Oct 2001
    Posts
    786
    From the sounds of it the companies would have to really think that this is feasable to even consider mass-producing it; and turn a profit. Either that or they have been passed some huge amounts of $$$ for this to take place. I don't have any info (inside or otherwise) on either view, but if it is true it would definately give M$ enormous bragging advantages.

    My best place to pin this down would be to ask if Linux programmers (and everyone else) will be given information on flagging code as either Executable or Data. If they are given the information for programming these new processors, then everyone wins. But only Microsoft will be the ones cheering and advertising it...

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •